CVE-2026-23555
Assertion Failure in Xenstored Allows Guest-Induced Service Crash
Publication date: 2026-03-23
Last updated on: 2026-04-10
Assigner: Xen Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xen | xen | From 4.18.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-23555 is a denial-of-service (DoS) vulnerability in Xenstored, the store daemon of the Xen hypervisor. It occurs when any unprivileged guest issues a Xenstore command accessing the illegal node path "/local/domain/". This causes xenstored to crash due to a corrupted error indicator triggered during node path verification, specifically failing an assert() statement.'}, {'type': 'paragraph', 'content': "If xenstored is compiled with NDEBUG defined (which disables assert), the unprivileged guest's request is ignored, but xenstored consumes 100% CPU time, causing a DoS by resource exhaustion without crashing."}] [1]
How can this vulnerability impact me? :
This vulnerability allows any unprivileged domain (guest) to crash xenstored or cause it to become fully busy, resulting in denial of service for all Xenstore operations.
As a result, further domain administration on the host is prevented, potentially disrupting management and operation of virtual machines.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability occurs when an unprivileged guest issues a Xenstore command accessing the illegal node path "/local/domain/", causing xenstored to crash or consume 100% CPU time.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system, monitor the xenstored process for crashes or unusually high CPU usage.'}, {'type': 'list_item', 'content': 'Use commands like `ps aux | grep xenstored` to check if the xenstored process is running.'}, {'type': 'list_item', 'content': 'Use `top` or `htop` to observe if xenstored is consuming excessive CPU resources.'}, {'type': 'list_item', 'content': 'Check system logs for crashes or errors related to xenstored.'}, {'type': 'paragraph', 'content': 'There are no specific commands provided to detect the issuance of the illegal Xenstore command itself.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The only known mitigation is to apply the patch provided in XSA-481 (xsa481.patch) which fixes the vulnerability in xenstored.
Switching to alternative xenstored implementations like oxenstored or xenstore-stubdom is not permitted as a mitigation because it changes guest-visible configuration.
Until the patch is applied, monitor xenstored for crashes or high CPU usage caused by unprivileged guests issuing the illegal command.